EP1768043A3 - Sicherheitsrisikoanalyse auf Informationssystemservice-Ebene - Google Patents

Sicherheitsrisikoanalyse auf Informationssystemservice-Ebene Download PDF

Info

Publication number
EP1768043A3
EP1768043A3 EP06300970A EP06300970A EP1768043A3 EP 1768043 A3 EP1768043 A3 EP 1768043A3 EP 06300970 A EP06300970 A EP 06300970A EP 06300970 A EP06300970 A EP 06300970A EP 1768043 A3 EP1768043 A3 EP 1768043A3
Authority
EP
European Patent Office
Prior art keywords
service
security
information system
relationship
security risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP06300970A
Other languages
English (en)
French (fr)
Other versions
EP1768043A2 (de
Inventor
Douglas Wiemer
Christophe Gustave
Stanley Taihai Chow
Bradley Kenneth Mcfarlane
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel Lucent SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/232,004 external-priority patent/US20070067845A1/en
Application filed by Alcatel Lucent SAS filed Critical Alcatel Lucent SAS
Publication of EP1768043A2 publication Critical patent/EP1768043A2/de
Publication of EP1768043A3 publication Critical patent/EP1768043A3/de
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
EP06300970A 2005-09-22 2006-09-21 Sicherheitsrisikoanalyse auf Informationssystemservice-Ebene Ceased EP1768043A3 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/232,004 US20070067845A1 (en) 2005-09-22 2005-09-22 Application of cut-sets to network interdependency security risk assessment
US11/366,101 US8438643B2 (en) 2005-09-22 2006-03-02 Information system service-level security risk analysis

Publications (2)

Publication Number Publication Date
EP1768043A2 EP1768043A2 (de) 2007-03-28
EP1768043A3 true EP1768043A3 (de) 2008-07-02

Family

ID=37496656

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06300970A Ceased EP1768043A3 (de) 2005-09-22 2006-09-21 Sicherheitsrisikoanalyse auf Informationssystemservice-Ebene

Country Status (2)

Country Link
US (1) US8438643B2 (de)
EP (1) EP1768043A3 (de)

Families Citing this family (121)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070113272A2 (en) * 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US7743421B2 (en) * 2005-05-18 2010-06-22 Alcatel Lucent Communication network security risk exposure management systems and methods
US8438643B2 (en) 2005-09-22 2013-05-07 Alcatel Lucent Information system service-level security risk analysis
US8544098B2 (en) 2005-09-22 2013-09-24 Alcatel Lucent Security vulnerability information aggregation
US8095984B2 (en) * 2005-09-22 2012-01-10 Alcatel Lucent Systems and methods of associating security vulnerabilities and assets
US7747494B1 (en) * 2006-05-24 2010-06-29 Pravin Kothari Non-determinative risk simulation
US8429708B1 (en) * 2006-06-23 2013-04-23 Sanjay Tandon Method and system for assessing cumulative access entitlements of an entity in a system
US8112801B2 (en) * 2007-01-23 2012-02-07 Alcatel Lucent Method and apparatus for detecting malware
US8250645B2 (en) * 2008-06-25 2012-08-21 Alcatel Lucent Malware detection methods and systems for multiple users sharing common access switch
US7908660B2 (en) * 2007-02-06 2011-03-15 Microsoft Corporation Dynamic risk management
US8209760B1 (en) * 2007-06-27 2012-06-26 Symantec Corporation Quantifying a property of a focus computing resource based on proximity to other computing resources
KR20090037538A (ko) * 2007-10-12 2009-04-16 한국정보보호진흥원 정보자산 모델링을 이용한 위험 평가 방법
US9143523B2 (en) * 2007-12-31 2015-09-22 Phillip King-Wilson Assessing threat to at least one computer network
US20090178131A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Globally distributed infrastructure for secure content management
US8181249B2 (en) 2008-02-29 2012-05-15 Alcatel Lucent Malware detection system and method
US8341740B2 (en) * 2008-05-21 2012-12-25 Alcatel Lucent Method and system for identifying enterprise network hosts infected with slow and/or distributed scanning malware
US8910255B2 (en) * 2008-05-27 2014-12-09 Microsoft Corporation Authentication for distributed secure content management system
US8533843B2 (en) * 2008-10-13 2013-09-10 Hewlett-Packard Development Company, L. P. Device, method, and program product for determining an overall business service vulnerability score
US20100192228A1 (en) * 2009-01-28 2010-07-29 Hewlett-Packard Development Company, L.P. Device, method and program product for prioritizing security flaw mitigation tasks in a business service
US8549628B2 (en) * 2009-04-07 2013-10-01 Alcatel Lucent Method and apparatus to measure the security of a system, network, or application
GB0909079D0 (en) 2009-05-27 2009-07-01 Quantar Llp Assessing threat to at least one computer network
US8856315B2 (en) * 2009-05-29 2014-10-07 Verizon Patent And Licensing Inc. Device classification system
US9329951B2 (en) 2009-07-31 2016-05-03 Paypal, Inc. System and method to uniformly manage operational life cycles and service levels
US8397301B2 (en) * 2009-11-18 2013-03-12 Lookout, Inc. System and method for identifying and assessing vulnerabilities on a mobile communication device
WO2011063269A1 (en) * 2009-11-20 2011-05-26 Alert Enterprise, Inc. Method and apparatus for risk visualization and remediation
US10027711B2 (en) 2009-11-20 2018-07-17 Alert Enterprise, Inc. Situational intelligence
US10019677B2 (en) 2009-11-20 2018-07-10 Alert Enterprise, Inc. Active policy enforcement
US20110125548A1 (en) * 2009-11-25 2011-05-26 Michal Aharon Business services risk management
US9754225B2 (en) * 2010-03-22 2017-09-05 Micro Focus Software Inc. Automated risk assessment and management
US9245246B2 (en) * 2010-04-22 2016-01-26 International Business Machines Corporation Capacity over-commit management in resource provisioning environments
EP2385676B1 (de) * 2010-05-07 2019-06-26 Alcatel Lucent Verfahren zur Anpassung von Sicherheitsrichtlinien einer Informationssysteminfrastruktur
US9762605B2 (en) 2011-12-22 2017-09-12 Phillip King-Wilson Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network
US9288224B2 (en) 2010-09-01 2016-03-15 Quantar Solutions Limited Assessing threat to at least one computer network
EP2506519A1 (de) * 2011-03-25 2012-10-03 EADS Deutschland GmbH Verfahren zur Bestimmung der Integrität in einem evolutionären kollaborativen Informationssystem
JP2012215994A (ja) * 2011-03-31 2012-11-08 Hitachi Ltd セキュリティレベル可視化装置
US8789192B2 (en) * 2011-05-23 2014-07-22 Lockheed Martin Corporation Enterprise vulnerability management
CN103563302B (zh) * 2011-06-01 2016-09-14 惠普发展公司,有限责任合伙企业 网络资产信息管理
US20120311166A1 (en) * 2011-06-03 2012-12-06 Garcia Jr Roberto Pipe Selection Heuristics
US9811667B2 (en) * 2011-09-21 2017-11-07 Mcafee, Inc. System and method for grouping computer vulnerabilities
US8595845B2 (en) * 2012-01-19 2013-11-26 Mcafee, Inc. Calculating quantitative asset risk
US10275267B1 (en) * 2012-10-22 2019-04-30 Amazon Technologies, Inc. Trust-based resource allocation
US9298925B1 (en) * 2013-03-08 2016-03-29 Ca, Inc. Supply chain cyber security auditing systems, methods and computer program products
US9912683B2 (en) * 2013-04-10 2018-03-06 The United States Of America As Represented By The Secretary Of The Army Method and apparatus for determining a criticality surface of assets to enhance cyber defense
US8973134B2 (en) 2013-05-14 2015-03-03 International Business Machines Corporation Software vulnerability notification via icon decorations
EP2816773B1 (de) * 2013-06-18 2018-10-03 Alcatel Lucent Verfahren zur Berechnung und Analyse von Risiken und zugehörige Vorrichtung
AU2014302024A1 (en) * 2013-06-26 2016-02-11 Climate Risk Pty Ltd Computer implemented frameworks and methodologies for enabling climate change related risk analysis
US11157664B2 (en) 2013-07-09 2021-10-26 Oracle International Corporation Database modeling and analysis
US9747311B2 (en) 2013-07-09 2017-08-29 Oracle International Corporation Solution to generate a scriptset for an automated database migration
US9996562B2 (en) 2013-07-09 2018-06-12 Oracle International Corporation Automated database migration architecture
US9805070B2 (en) 2013-07-09 2017-10-31 Oracle International Corporation Dynamic migration script management
US10776244B2 (en) * 2013-07-09 2020-09-15 Oracle International Corporation Consolidation planning services for systems migration
US9276951B2 (en) * 2013-08-23 2016-03-01 The Boeing Company System and method for discovering optimal network attack paths
US9246935B2 (en) * 2013-10-14 2016-01-26 Intuit Inc. Method and system for dynamic and comprehensive vulnerability management
US9501345B1 (en) 2013-12-23 2016-11-22 Intuit Inc. Method and system for creating enriched log data
US20150304343A1 (en) 2014-04-18 2015-10-22 Intuit Inc. Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment
US9325726B2 (en) 2014-02-03 2016-04-26 Intuit Inc. Method and system for virtual asset assisted extrusion and intrusion detection in a cloud computing environment
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
US9866581B2 (en) 2014-06-30 2018-01-09 Intuit Inc. Method and system for secure delivery of information to computing environments
US9886581B2 (en) * 2014-02-25 2018-02-06 Accenture Global Solutions Limited Automated intelligence graph construction and countermeasure deployment
US9276945B2 (en) 2014-04-07 2016-03-01 Intuit Inc. Method and system for providing security aware applications
US9245117B2 (en) 2014-03-31 2016-01-26 Intuit Inc. Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems
US9201933B2 (en) * 2014-04-01 2015-12-01 BizDox, LLC Systems and methods for documenting, analyzing, and supporting information technology infrastructure
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US9900322B2 (en) 2014-04-30 2018-02-20 Intuit Inc. Method and system for providing permissions management
US9330263B2 (en) 2014-05-27 2016-05-03 Intuit Inc. Method and apparatus for automating the building of threat models for the public cloud
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
US9473481B2 (en) 2014-07-31 2016-10-18 Intuit Inc. Method and system for providing a virtual asset perimeter
WO2016069616A1 (en) * 2014-10-27 2016-05-06 Onapsis, Inc. System and method for automatic calculation of cyber-risk in business- critical applications
US9648036B2 (en) * 2014-12-29 2017-05-09 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9467455B2 (en) 2014-12-29 2016-10-11 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9413786B1 (en) * 2015-02-04 2016-08-09 International Business Machines Corporation Dynamic enterprise security control based on user risk factors
US10021119B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Apparatus and method for automatic handling of cyber-security risk events
US10075474B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications
US20160234243A1 (en) * 2015-02-06 2016-08-11 Honeywell International Inc. Technique for using infrastructure monitoring software to collect cyber-security risk data
US10075475B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Apparatus and method for dynamic customization of cyber-security risk item rules
US10021125B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Infrastructure monitoring tool for collecting industrial process control and automation system risk data
US10298608B2 (en) 2015-02-11 2019-05-21 Honeywell International Inc. Apparatus and method for tying cyber-security risk analysis to common risk methodologies and risk levels
US10140453B1 (en) * 2015-03-16 2018-11-27 Amazon Technologies, Inc. Vulnerability management using taxonomy-based normalization
US9800604B2 (en) 2015-05-06 2017-10-24 Honeywell International Inc. Apparatus and method for assigning cyber-security risk consequences in industrial process control environments
US9990501B2 (en) * 2015-06-24 2018-06-05 Alcatel Lucent Diagnosing and tracking product vulnerabilities for telecommunication devices via a database
WO2017177077A2 (en) * 2016-04-08 2017-10-12 Cloud Knox, Inc. Method and system to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments
US11036696B2 (en) 2016-06-07 2021-06-15 Oracle International Corporation Resource allocation for database provisioning
US20180032929A1 (en) * 2016-07-29 2018-02-01 Ca, Inc. Risk-adaptive agile software development
CN106878251B (zh) * 2016-08-22 2020-07-03 阿里巴巴集团控股有限公司 一种用于分布式的网站程序漏洞扫描系统、方法和装置
US10460103B2 (en) * 2016-09-20 2019-10-29 International Business Machines Corporation Security for devices connected to a network
US10284589B2 (en) * 2016-10-31 2019-05-07 Acentium Inc. Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system
US10158654B2 (en) 2016-10-31 2018-12-18 Acentium Inc. Systems and methods for computer environment situational awareness
US10412110B2 (en) 2016-10-31 2019-09-10 Acentium, Inc. Systems and methods for multi-tier cache visual system and visual modes
US10601636B2 (en) * 2016-11-04 2020-03-24 Crosscode, Inc. Method and system for architecture analysis of an enterprise
US20180189697A1 (en) * 2016-12-30 2018-07-05 Lookingglass Cyber Solutions, Inc. Methods and apparatus for processing threat metrics to determine a risk of loss due to the compromise of an organization asset
US20180314833A1 (en) * 2017-04-28 2018-11-01 Honeywell International Inc. Risk analysis to identify and retrospect cyber security threats
WO2018234867A1 (en) * 2017-06-23 2018-12-27 Ganor Ido CORPORATE CYBERSECURITY RISK MANAGEMENT AND RESOURCE PLANNING
US10678954B2 (en) * 2017-09-21 2020-06-09 GM Global Technology Operations LLC Cybersecurity vulnerability prioritization and remediation
US10706155B1 (en) * 2017-09-28 2020-07-07 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a computing environment
US10643002B1 (en) 2017-09-28 2020-05-05 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a virtual computing environment
US11055415B2 (en) * 2017-09-29 2021-07-06 Valente Sherman, Inc. Computational risk analysis and intermediation
EP4312420A3 (de) 2018-02-20 2024-04-03 Darktrace Holdings Limited Verfahren zur geteilten analyse einer cybersicherheitsbedrohung und für verteidigungsmassnahmen innerhalb einer gemeinschaft
CN110896386B (zh) * 2018-09-12 2022-05-10 西门子(中国)有限公司 识别安全威胁的方法、装置、存储介质、处理器和终端
US11347843B2 (en) * 2018-09-13 2022-05-31 King Fahd University Of Petroleum And Minerals Asset-based security systems and methods
US11741196B2 (en) 2018-11-15 2023-08-29 The Research Foundation For The State University Of New York Detecting and preventing exploits of software vulnerability using instruction tags
US11159555B2 (en) 2018-12-03 2021-10-26 Accenture Global Solutions Limited Generating attack graphs in agile security platforms
US11184385B2 (en) 2018-12-03 2021-11-23 Accenture Global Solutions Limited Generating attack graphs in agile security platforms
US11277432B2 (en) 2018-12-03 2022-03-15 Accenture Global Solutions Limited Generating attack graphs in agile security platforms
US11283825B2 (en) 2018-12-03 2022-03-22 Accenture Global Solutions Limited Leveraging attack graphs of agile security platform
US11281806B2 (en) 2018-12-03 2022-03-22 Accenture Global Solutions Limited Generating attack graphs in agile security platforms
US11695795B2 (en) 2019-07-12 2023-07-04 Accenture Global Solutions Limited Evaluating effectiveness of security controls in enterprise networks using graph values
US11256671B2 (en) 2019-09-13 2022-02-22 Oracle International Corporation Integrated transition control center
US11201893B2 (en) * 2019-10-08 2021-12-14 The Boeing Company Systems and methods for performing cybersecurity risk assessments
US11171835B2 (en) * 2019-11-21 2021-11-09 EMC IP Holding Company LLC Automated generation of an information technology asset ontology
US20210232593A1 (en) * 2020-01-27 2021-07-29 Acentium Inc Systems and methods for intelligent segmentatioin and rendering of computer environment data
EP3872665A1 (de) 2020-02-28 2021-09-01 Accenture Global Solutions Limited Digitaler cyber-zwilling-simulator für sicherheitssteuerungsanforderungen
US11876824B2 (en) 2020-06-25 2024-01-16 Accenture Global Solutions Limited Extracting process aware analytical attack graphs through logical network analysis
US11483213B2 (en) 2020-07-09 2022-10-25 Accenture Global Solutions Limited Enterprise process discovery through network traffic patterns
US11411976B2 (en) 2020-07-09 2022-08-09 Accenture Global Solutions Limited Resource-efficient generation of analytical attack graphs
US12034756B2 (en) 2020-08-28 2024-07-09 Accenture Global Solutions Limited Analytical attack graph differencing
US11831675B2 (en) 2020-10-26 2023-11-28 Accenture Global Solutions Limited Process risk calculation based on hardness of attack paths
US11973790B2 (en) 2020-11-10 2024-04-30 Accenture Global Solutions Limited Cyber digital twin simulator for automotive security assessment based on attack graphs
AU2021269370A1 (en) 2020-12-18 2022-07-07 The Boeing Company Systems and methods for context aware cybersecurity
US11880250B2 (en) 2021-07-21 2024-01-23 Accenture Global Solutions Limited Optimizing energy consumption of production lines using intelligent digital twins
US11895150B2 (en) 2021-07-28 2024-02-06 Accenture Global Solutions Limited Discovering cyber-attack process model based on analytical attack graphs
US20230262086A1 (en) * 2022-02-17 2023-08-17 Northrop Grumman Systems Corporation Systems and methods for platform cyber vulnerability evaluation

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5751965A (en) * 1996-03-21 1998-05-12 Cabletron System, Inc. Network connection status monitor and display
US20020138416A1 (en) * 2001-01-02 2002-09-26 Lovejoy Kristin Gallina Object-oriented method, system and medium for risk management by creating inter-dependency between objects, criteria and metrics
US20030154269A1 (en) * 2002-02-14 2003-08-14 Nyanchama Matunda G. Method and system for quantitatively assessing computer network vulnerability
US20040102922A1 (en) * 2002-11-27 2004-05-27 Tracy Richard P. Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing robust risk assessment model
US6883101B1 (en) * 2000-02-08 2005-04-19 Harris Corporation System and method for assessing the security posture of a network using goal oriented fuzzy logic decision rules
US20050114186A1 (en) * 2001-03-29 2005-05-26 Nicolas Heinrich Overall risk in a system

Family Cites Families (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5850516A (en) * 1996-12-23 1998-12-15 Schneier; Bruce Method and apparatus for analyzing information systems using stored tree database structures
US6298445B1 (en) * 1998-04-30 2001-10-02 Netect, Ltd. Computer security
US6282546B1 (en) * 1998-06-30 2001-08-28 Cisco Technology, Inc. System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment
US6125453A (en) * 1998-06-30 2000-09-26 Sandia Corporation Cut set-based risk and reliability analysis for arbitrarily interconnected networks
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6301668B1 (en) * 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment
US6990591B1 (en) * 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
US6535227B1 (en) * 2000-02-08 2003-03-18 Harris Corporation System and method for assessing the security posture of a network and having a graphical user interface
US7096502B1 (en) 2000-02-08 2006-08-22 Harris Corporation System and method for assessing the security posture of a network
WO2001084285A2 (en) * 2000-04-28 2001-11-08 Internet Security Systems, Inc. Method and system for managing computer security information
US7299489B1 (en) * 2000-05-25 2007-11-20 Lucent Technologies Inc. Method and apparatus for host probing
US6907531B1 (en) * 2000-06-30 2005-06-14 Internet Security Systems, Inc. Method and system for identifying, fixing, and updating security vulnerabilities
US7340776B2 (en) * 2001-01-31 2008-03-04 International Business Machines Corporation Method and system for configuring and scheduling security audits of a computer network
US7287280B2 (en) * 2002-02-12 2007-10-23 Goldman Sachs & Co. Automated security management
US6782421B1 (en) * 2001-03-21 2004-08-24 Bellsouth Intellectual Property Corporation System and method for evaluating the performance of a computer application
US20020199122A1 (en) * 2001-06-22 2002-12-26 Davis Lauren B. Computer security vulnerability analysis methodology
US7003561B1 (en) * 2001-06-29 2006-02-21 Mcafee, Inc. System, method and computer program product for improved efficiency in network assessment utilizing a port status pre-qualification procedure
US7159125B2 (en) * 2001-08-14 2007-01-02 Endforce, Inc. Policy engine for modular generation of policy for a flat, per-device database
US7039953B2 (en) * 2001-08-30 2006-05-02 International Business Machines Corporation Hierarchical correlation of intrusion detection events
CA2464402C (en) * 2001-10-25 2010-04-06 General Dynamics Government Systems Corporation A method and system for modeling, analysis and display of network security events
KR100470915B1 (ko) * 2001-12-28 2005-03-08 한국전자통신연구원 Ip계층에서의 패킷 보안을 위한 인터넷 정보보호시스템의 제어 방법
AU2002360844A1 (en) * 2001-12-31 2003-07-24 Citadel Security Software Inc. Automated computer vulnerability resolution system
US7243148B2 (en) * 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7152105B2 (en) * 2002-01-15 2006-12-19 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7257630B2 (en) * 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting
US8256002B2 (en) * 2002-01-18 2012-08-28 Alcatel Lucent Tool, method and apparatus for assessing network security
US7240213B1 (en) * 2002-03-15 2007-07-03 Waters Edge Consulting, Llc. System trustworthiness tool and methodology
US7359962B2 (en) * 2002-04-30 2008-04-15 3Com Corporation Network security system integration
JP2005530239A (ja) * 2002-06-18 2005-10-06 コンピュータ アソシエイツ シンク,インコーポレイテッド エンタプライズアセットを管理する方法及びシステム
US7472421B2 (en) * 2002-09-30 2008-12-30 Electronic Data Systems Corporation Computer model of security risks
US6952779B1 (en) * 2002-10-01 2005-10-04 Gideon Cohen System and method for risk detection and analysis in a computer network
US7454499B2 (en) * 2002-11-07 2008-11-18 Tippingpoint Technologies, Inc. Active network defense system and method
US7376969B1 (en) * 2002-12-02 2008-05-20 Arcsight, Inc. Real time monitoring and analysis of events from multiple network security devices
AU2003297137A1 (en) * 2002-12-18 2004-07-29 Goldman, Sachs And Co. Interactive security risk management
US7409721B2 (en) * 2003-01-21 2008-08-05 Symantac Corporation Network risk analysis
US8091117B2 (en) * 2003-02-14 2012-01-03 Preventsys, Inc. System and method for interfacing with heterogeneous network data gathering tools
SG115533A1 (en) * 2003-04-01 2005-10-28 Maximus Consulting Pte Ltd Risk control system
US7451488B2 (en) * 2003-04-29 2008-11-11 Securify, Inc. Policy-based vulnerability assessment
US20040221176A1 (en) * 2003-04-29 2004-11-04 Cole Eric B. Methodology, system and computer readable medium for rating computer system vulnerabilities
US20050015672A1 (en) * 2003-06-25 2005-01-20 Koichi Yamada Identifying affected program threads and enabling error containment and recovery
US20070113265A2 (en) * 2003-07-01 2007-05-17 Securityprofiling, Inc. Automated staged patch and policy management
US7386883B2 (en) * 2003-07-22 2008-06-10 International Business Machines Corporation Systems, methods and computer program products for administration of computer security threat countermeasures to a computer system
US20050022021A1 (en) * 2003-07-22 2005-01-27 Bardsley Jeffrey S. Systems, methods and data structures for generating computer-actionable computer security threat management information
US20050080720A1 (en) * 2003-10-10 2005-04-14 International Business Machines Corporation Deriving security and privacy solutions to mitigate risk
US8561154B2 (en) * 2003-12-22 2013-10-15 International Business Machines Corporation Method for providing network perimeter security assessment
US8136163B2 (en) * 2004-01-16 2012-03-13 International Business Machines Corporation Method, apparatus and program storage device for providing automated tracking of security vulnerabilities
US8201257B1 (en) * 2004-03-31 2012-06-12 Mcafee, Inc. System and method of managing network security risks
US20050257269A1 (en) * 2004-05-03 2005-11-17 Chari Suresh N Cost effective incident response
US7372809B2 (en) * 2004-05-18 2008-05-13 Time Warner Cable, Inc. Thwarting denial of service attacks originating in a DOCSIS-compliant cable network
US7698275B2 (en) * 2004-05-21 2010-04-13 Computer Associates Think, Inc. System and method for providing remediation management
US7441272B2 (en) * 2004-06-09 2008-10-21 Intel Corporation Techniques for self-isolation of networked devices
US20060021044A1 (en) * 2004-07-22 2006-01-26 Cook Chad L Determination of time-to-defeat values for network security analysis
US7523504B2 (en) * 2004-08-02 2009-04-21 Netiq Corporation Methods, systems and computer program products for evaluating security of a network environment
US8312549B2 (en) * 2004-09-24 2012-11-13 Ygor Goldberg Practical threat analysis
US20060101519A1 (en) * 2004-11-05 2006-05-11 Lasswell Kevin W Method to provide customized vulnerability information to a plurality of organizations
US7278163B2 (en) * 2005-02-22 2007-10-02 Mcafee, Inc. Security risk analysis system and method
US8438643B2 (en) 2005-09-22 2013-05-07 Alcatel Lucent Information system service-level security risk analysis
US20090076969A1 (en) * 2007-09-19 2009-03-19 Collier Sparks System and method for deployment and financing of a security system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5751965A (en) * 1996-03-21 1998-05-12 Cabletron System, Inc. Network connection status monitor and display
US6883101B1 (en) * 2000-02-08 2005-04-19 Harris Corporation System and method for assessing the security posture of a network using goal oriented fuzzy logic decision rules
US20020138416A1 (en) * 2001-01-02 2002-09-26 Lovejoy Kristin Gallina Object-oriented method, system and medium for risk management by creating inter-dependency between objects, criteria and metrics
US20050114186A1 (en) * 2001-03-29 2005-05-26 Nicolas Heinrich Overall risk in a system
US20030154269A1 (en) * 2002-02-14 2003-08-14 Nyanchama Matunda G. Method and system for quantitatively assessing computer network vulnerability
US20040102922A1 (en) * 2002-11-27 2004-05-27 Tracy Richard P. Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing robust risk assessment model

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
APOSTOLAKIS G E ET AL: "A Screening Methodology for the Identification and Ranking of Infrastructure Vulnerabilities Due to Terrorism", RISK ANALYSIS, PLENUM PRESS, NEW YORK, NY, US, vol. 25, no. 2, 1 April 2005 (2005-04-01), pages 361 - 376, XP002457051, ISSN: 0272-4332 *
MIKE SCHIFFMAN: "The Common Vulnerability Scoring System", RSA CONFERENCE 2005, February 2005 (2005-02-01), RSA Conference 2005, pages 1 - 41, XP002479898, Retrieved from the Internet <URL:http://www.packetfactory.net/papers/CVSS/cvss-ppt.pdf> [retrieved on 20080509] *

Also Published As

Publication number Publication date
US8438643B2 (en) 2013-05-07
EP1768043A2 (de) 2007-03-28
US20070067847A1 (en) 2007-03-22

Similar Documents

Publication Publication Date Title
EP1768043A3 (de) Sicherheitsrisikoanalyse auf Informationssystemservice-Ebene
EP1768046A3 (de) Systeme und Verfahren zum Assoziieren von Sicherheitslücken und Vermögen
WO2007008940A3 (en) Intelligent condition-monitoring and dault diagnostic system
WO2006072014A3 (en) System and method for effectuating computer network usage
WO2006039401A3 (en) Method and system for filtering, organizing and presenting selected information technology information as a function of business dimensions
WO2005043293A3 (en) Systems and methods for fraud management in relation to stored value cards
WO2005015345A3 (en) Financial investment advice system and method
EP2199942A3 (de) Verfahren und Systeme zur Aktivierung von durch eine Gemeinschaft getesteten Sicherheitsfunktionen für Altanwendungen
GB2430755A (en) Automated analysis of vehicle diagnostic data stream to identify anomaly
WO2007002838A3 (en) Whole-network anomaly diagnosis
WO2006039102A3 (en) System, software and method for examining a database in a forensic accounting environment
EP2306357A3 (de) Verfahren und System zur Erkennung von vorher unbekannter Malware
TW200727866A (en) Method and system for detecting and classifying mental states
EP1372318A3 (de) Vorrichtung zur Analyse einer Inhalts-Journaldatei und Kontrollvorrichtung für die Datenkommunikation
EP2199940A3 (de) Verfahren und Systeme zum Erkennen von Man-in-the-Browser-Angriffen
WO2006038924A8 (en) Consistent set of interfaces derived from a business object model
WO2010037014A3 (en) Systems and methods for analyzing a portfolio of intellectual property assets
WO2002054325A8 (en) Object-oriented method, system and medium for risk management by creating inter-dependency between objects, criteria and metrics
DE60308887D1 (de) Auslösen eines dienstbereitstellungsereignisses
WO2007030467A3 (en) Systems and methods for the provision of data processing services to multiple entities
EP1933281A3 (de) Verwaltungsverfahren für ein Authentifizierungssystem
WO2010005656A3 (en) Brain condition assessment
WO2008033480A3 (en) Security vulnerability determination in a computing system
WO2006105170A3 (en) Systems and methods for determining cost of capital for an entity in a bottom-up, fully risk-based manner
WO2007016273A3 (en) Systems, methods and apparatus of an email client

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK YU

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/06 20060101ALI20071106BHEP

Ipc: G06F 21/00 20060101AFI20061215BHEP

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

17P Request for examination filed

Effective date: 20090105

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20090213

APBK Appeal reference recorded

Free format text: ORIGINAL CODE: EPIDOSNREFNE

APBN Date of receipt of notice of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA2E

APBR Date of receipt of statement of grounds of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA3E

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

111Z Information provided on other rights and legal means of execution

Free format text: AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

Effective date: 20130410

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL LUCENT

D11X Information provided on other rights and legal means of execution (deleted)
APBT Appeal procedure closed

Free format text: ORIGINAL CODE: EPIDOSNNOA9E

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20170127